Ask an IT staff member whether your organization has done enough to educate employees about cybersecurity, and then ask an employee in a different department the same question. You will probably get two very different answers, which supports research indicating a “dramatic disconnect” between the perspective of IT vs. the perspective of other employees regarding security.
Seventy-three percent of surveyed U.S. employees indicated that their company provides sufficient training on how to protect sensitive information, according to Clearswift, a global cybersecurity innovator and data loss prevention specialist. However, nearly the same percentage—72%—of IT professionals indicated that employers are not doing enough to train employees on this topic.
“Most employees are not acting maliciously, but their carelessness can be just as damaging,” said Heath Davies, CEO at Clearswift. “Companies need to wake up to the fact that employees have the potential to cause the company huge damage through their actions, and ensure that training, policies, and technology are in place to minimize that risk. Those sitting on the board need to sit up and pay attention; critical information needs to be governed at the highest levels or it could jeopardize the future of a company.”
Fifty-six percent of surveyed employees have access to their employer’s intellectual property (IP), but less than one-half of them understand the damaging effects of IP being leaked. “The value of a company’s IP is frequently misunderstood. First off, IP comes in many guises and it’s essential for organizations to recognize ‘what’ their IP is, where it exists, and who has access to it,” Davies added.
“IP is often a company’s most prized possession; if it were to fall into a competitor’s hands, or even unauthorized hands, it could cause immense financial damage to a company, or as in the case of the recent attempted U.S. naval espionage charge, potentially result in dire effects. It is incredible that so many survey respondents say they have access to such information, yet so few seem to realize its value,” said Davies.
Clearswift recommends making sure that all employees are trained on proper security measures from day one. “The rise of Shadow IT and shift to hosted environments through cloud applications like DropBox, Google Drive, or Box, in addition to the proliferation of new communications tools in the form of social media and personal devices, also makes it even more important than ever to put a companywide emphasis on security, starting with the executive team,” the company states. Clearswift notes that, although those applications help boost productivity, there are inherent risks associated with using them.
In tomorrow’s Advisor, guest columnist Maurice Uenuma explains how HR professionals in particular are important to network and data security.